CLEANACCESS Archives

September 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Ryan Dorman <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Thu, 1 Sep 2005 11:47:04 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (110 lines)

Agreed, it is a good security practice to not have management IPs for devices on the same VLAN/subnet as user traffic.  The way we handle this is that the switch that consolidates all of the residence halls has a separate trunk line out of it that only carries management VLAN traffic; this way it is not touched by CCA.  If you need help designing such a scenario, please let me know.

Ryan Dorman, CCNP
Network Communications Specialist
Communications and Network Services
Millerville University

________________________________

From: Perfigo SecureSmart and CleanMachines Discussion List on behalf of Matt Moore
Sent: Thu 9/1/2005 11:42 AM
To: [log in to unmask]
Subject: Re: [PERFIGO] Edge switches disappear behind CleanAccess?[Scanned]



The separate vlan works well for us as well.

Matt Moore
Systems Administrator
Dakota Wesleyan University
605-995-2187    

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of ken whittaker
Sent: Thursday, September 01, 2005 8:09 AM
To: [log in to unmask]
Subject: Re: Edge switches disappear behind CleanAccess?[Scanned]

We created a VLAN just for the switches .. It's not part of CCA so
it does not take up any address space of the CCA vlan  ... Works well ..

Ken Whittaker
Network Manager
Information Technology Group

Keene State College
229 Main St
Keene NH, 03435

Voice:      603.358.2537
Fax:         603.358.2780

> From: Benjamin McDonald <[log in to unmask]>
> Reply-To: Perfigo SecureSmart and CleanMachines Discussion List
> <[log in to unmask]>
> Date: Thu, 1 Sep 2005 08:56:26 -0400
> To: <[log in to unmask]>
> Subject: Re: Edge switches disappear behind CleanAccess?
>
> We've just been adding the switch's MAC address to the device filter.
>
> Benjamin McDonald
> Information Systems Coordinator
> George Washington University
> W: 202.994.3934
> C: 202.207.4112
>
>
>
> Kurt Huenemann wrote:
>
>> Dear Perfigo/CCA users,
>>
>> We've had a very successful rollout of CleanAccess 3.5.4 at Heidelberg
>> College this fall.  I hope one of you can help with an odd "side-effect"
>> that I hope to resolve....
>>
>> We have Cisco 3550 switches in the Res Halls, and they each have an IP
>> address in the same VLAN as the student residents.  Once we turn over
>> control of that VLAN to the CleanAccess server, we can no longer
>> ping/telnet/browse to those edge switches from anywhere outside the
>> managed VLAN.
>>
>> Cisco TAC suggested that I add those switches' IP addresses to the CCA
>> Manager via CCA.Servers>>Filters>>Subnets with a /32 mask and "Allow"
>> which I have done.  This sounds like it should work, but there is no
>> change in behavior.
>>
>> How are you addressing your edge devices so they can still be
>> seen/managed from the core or elsewhere on your network?
>>
>> Thanks, in advance, for your suggestions.
>>
>> Kurt
>>
>> ____________________________________________________
>> Kurt E. Huenemann '83
>> Assoc. Director of Information Technology
>> Asst. Professor of Computer Science
>> Heidelberg College
>> 310 East Market Street
>> Tiffin, OH 44883
>>
>> Internet: [log in to unmask]
>> Fax:      419-448-2176
>> Voice:    419-448-2351
>> ____________________________________________________
>>
